
AD GPO

Compliance Remediation for

...

Domain-joined Machines

Info

This document describes how to download the AD GPO policies for CIS compliance remediation, which help remediate major non-compliant CIS controls.

...

  • Navigate to Company View > Compliance section and select Remediation to get to Remediation Compliance.

  • Download the required OS GPO policy from this section.

...

Steps to Create GPO and Link into OU

...

in Domain Controller

  • Navigate to Group Policy Management under Domain, right-click on WMI Filter, and then click on Import and select the WMI Filter file for the required OS (Windows 10, Windows 11, Windows Server 2022, Windows Server 2016, Windows Server 2012, and Windows Server 2019). Then click on Import. Please find the below screenshot for reference.

...

  • E.g. WMI Filter for Windows 10.

...

  • Click on the Import Button as shown in the below screenshot:

...

  • Right-click on Group Policy Objects → click on New and create a new GPO for each of Windows 10 Computer, Windows 10 User, Windows Server 2022 Computer, and Windows Server 2022 User, and then click on OK.
    E.g.: cis_win10_computer, cis_win10_user, cis_win2022_computer, cis_win2022_user

...

  • After creating the GPOs (Windows 10 Computer, Windows 10 User, Windows Server 2022 Computer, and Windows Server 2022 User), link them to the OU CCNS_CIS.
    To link these GPOs to the OU, right-click on the OU CCNS_CIS, click on Link an Existing GPO, and select all the GPOs for Windows 10 and Windows Server 2022 Computer and User.

...

  • E.g., after applying the GPO, the non-compliant count is 39 for Windows Server 2022.

...

  • This completes the Compliance Remediation documentation for Domain-joined machines.
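
The create-and-link steps above can also be scripted. The following is an added example, not part of the original document or the vendor's tooling; it uses the standard GroupPolicy and ActiveDirectory PowerShell modules with the GPO and OU names given above, and the backup path is an assumption.

```powershell
#Requires -Modules GroupPolicy, ActiveDirectory
# Added example: back up existing GPOs, create the four CIS GPOs, link them to the OU.
# Run on a domain controller or a management host with RSAT installed.
$ErrorActionPreference = 'Stop'

$OuName     = 'CCNS_CIS'
$GpoNames   = 'cis_win10_computer', 'cis_win10_user',
              'cis_win2022_computer', 'cis_win2022_user'
$BackupPath = 'C:\GPO-Backup\{0:yyyyMMdd-HHmmss}' -f (Get-Date)   # assumed location

# 1. Back up every existing GPO in the domain before changing anything.
New-Item -ItemType Directory -Path $BackupPath -Force | Out-Null
Backup-GPO -All -Path $BackupPath | Out-Null

# 2. Resolve the OU by name so the domain DN is not hard-coded; refuse ambiguity.
$ou = @(Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'")
if ($ou.Count -ne 1) {
    throw "Expected exactly one OU named $OuName, found $($ou.Count)."
}
$target = $ou[0].DistinguishedName

# 3. Record which GPOs are already linked, so a re-run does not fail on duplicates.
$linked = @((Get-GPInheritance -Target $target).GpoLinks.DisplayName)

foreach ($name in $GpoNames) {
    # Create the GPO only if it does not exist yet.
    $gpo = Get-GPO -Name $name -ErrorAction SilentlyContinue
    if (-not $gpo) {
        $gpo = New-GPO -Name $name -Comment 'CIS compliance remediation'
    }

    # Link it to the OU only if it is not linked already.
    if ($linked -notcontains $name) {
        New-GPLink -Guid $gpo.Id -Target $target -LinkEnabled Yes | Out-Null
    }
}

# 4. Show the resulting links and their order for review.
(Get-GPInheritance -Target $target).GpoLinks |
    Select-Object DisplayName, Enabled, Enforced, Order
```

The script creates the GPOs empty; the downloaded policy settings and the WMI filter still have to be applied as described in the steps above.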

Compliance Remediation for Workgroup Machines

  • To apply Compliance Remediation policies for Workgroup machines, refer to the video below.

  • Download LGPO.exe using the link below.

...

Note

Please try this at your own risk: try it first in the test instance, and then install it in the production instance. Also, please back up the existing GPO to avoid any issues.

...

  • This completes the Compliance Remediation documentation for Workgroup machines.